The Cyber Security Analyst is proficient in Security Information and Event Management (SIEM) and cyber security incident response. The Cyber Security Analyst has strong coordination, communication and collaboration skills as well as a good technical and architectural understanding. On a day-to-day basis the Cyber Security Analyst will assist with tuning and developing threat correlations within the company SIEM platform, as well as conducting research and development in the area of cyber security to proactively propose improvements that reduce risk, strengthen the security posture of Realogy and improve our ability to respond to cyber-attacks.
- Maintain the health, integrity, and deployment of the company's SIEM platform
- Develop and implement threat correlation routines related to the SIEM
- Provide level 2 proactive security events analysis and threat analytics
- Leverage, implement, and fine-tune the security tools and processes used by Realogy to proactively hunt for indications of compromise
- Execute, develop, and document SIEM best practices and handling guides.
- Conduct in-depth analysis of cyber threat data to include: identification of active security threats, development of new analytic methods, reverse engineering of malicious code, and documenting and transitioning results in reports and presentations.
- Provide management with metrics and reports.
- Minimum 5-7 years of experience in Information Security
- Bachelor of Science Degree with a concentration in Computer Science, Information Technology, Cyber Security or equivalent prior work experience in a related field.
- One or more industry certifications (or achieve within 12 months): CISSP, CEH, GCED, GCIH, GCFA, GCFE, etc.
- Proficient in at least one scripting and/or object-oriented language such as, but not limited to, Perl, Python, Visual Basic, PowerShell, & C++
- Familiar with transactional data processing and/or data manipulation such as, but not limited to, Transact-SQL, MySQL, Oracle, GREP, REGEX, & SPL
- Experience in Vulnerability Assessment, IDS/IPS configuration/monitoring, E-Mail security, Firewalls, TCP/IP packet analysis, Log analysis, understanding of IT frameworks, including but not limited to the OSI model, and the methods of exploiting those standards
- Extensive knowledge of SIEM architecture and threat correlation leveraging leading tools such as Splunk, QRadar, ArcSight, etc.
- Extensive knowledge and understanding of operating system internals, network security architecture, and protocol analysis
- Extensive knowledge of networking protocols and authentication methods.
- Knowledge of Information Security products and systems (forensics toolkits, EDR, IDPS, HIPS, SIEM, etc.)
- Experience with incident response tools and techniques such as, but not limited to, Carbon Black Response
- Familiar with creating advanced detection rules in both Yara & Snort formats
- Familiar with current penetration testing techniques and tools such as Kali Linux, pass-the-hash, hashcat, & Metasploit
- Understanding of incident response methodologies and technologies
- Understanding of the life cycle of network threats, attacks, attack vectors, and methods of exploitation
- Strong analytical skills, creative thinking, and knowledge of security operations
- Willing to participate in on-call rotation for emergency cyber security situations
- Familiar with the most common forms of web development such as, but not limited to, HTML, XML, PHP, Java, & .NET
- Familiar with disassembly and reverse engineering of binaries with tools such as, but not limited to, IDA Pro, W32Dasm, & Capstone